strongswan.git
10 years agoadded EAP-PEAP options to strongswan.conf
Andreas Steffen [Wed, 6 Apr 2011 18:08:56 +0000 (20:08 +0200)]
added EAP-PEAP options to strongswan.conf

10 years agodefine MSCHAPv2 as default phase2 algorithm for EAP-PEAP
Andreas Steffen [Wed, 6 Apr 2011 18:07:59 +0000 (20:07 +0200)]
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP

10 years agoadded ikev2/rw-eap-peap-mschapv2 scenario
Andreas Steffen [Wed, 6 Apr 2011 17:44:58 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-mschapv2 scenario

10 years agoadded ikev2/rw-eap-peap-md5 scenario
Andreas Steffen [Wed, 6 Apr 2011 17:44:30 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-md5 scenario

10 years agoadded ikev2/rw-eap-peap-radius scenario
Andreas Steffen [Wed, 6 Apr 2011 17:42:52 +0000 (19:42 +0200)]
added ikev2/rw-eap-peap-radius scenario

10 years agoallow multi-pass authentication schemes as e.g. MSCHAPv2
Andreas Steffen [Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)]
allow multi-pass authentication schemes as e.g. MSCHAPv2

10 years agodisplay EAP identifiers in HEX format
Andreas Steffen [Wed, 6 Apr 2011 15:34:27 +0000 (17:34 +0200)]
display EAP identifiers in HEX format

10 years agono EAP identifier offset required in build() function
Andreas Steffen [Wed, 6 Apr 2011 15:33:01 +0000 (17:33 +0200)]
no EAP identifier offset required in build() function

10 years agoadded missing function pointers in eap_identity_create_server()
Andreas Steffen [Wed, 6 Apr 2011 13:47:49 +0000 (15:47 +0200)]
added missing function pointers in eap_identity_create_server()

10 years agoimplemented the PEAP tunneling protocol as an EAP plugin
Andreas Steffen [Wed, 6 Apr 2011 12:42:02 +0000 (14:42 +0200)]
implemented the PEAP tunneling protocol as an EAP plugin

10 years agoadded get|set_identifier() methods to eap_tnc_t
Andreas Steffen [Wed, 6 Apr 2011 05:50:42 +0000 (07:50 +0200)]
added get|set_identifier() methods to eap_tnc_t

10 years agoadded EAP identifier to debug output
Andreas Steffen [Tue, 5 Apr 2011 18:53:46 +0000 (20:53 +0200)]
added EAP identifier to debug output

10 years agoadded get|set_identifier() methods to eap_tls_t and eap_ttls_t
Andreas Steffen [Tue, 5 Apr 2011 16:35:22 +0000 (18:35 +0200)]
added get|set_identifier() methods to eap_tls_t and eap_ttls_t

10 years agoadded TLS_PURPOSE_EAP_PEAP
Andreas Steffen [Tue, 5 Apr 2011 16:16:28 +0000 (18:16 +0200)]
added TLS_PURPOSE_EAP_PEAP

10 years agoimplemented get|set_identifier() for tls_eap_t
Andreas Steffen [Tue, 5 Apr 2011 16:14:58 +0000 (18:14 +0200)]
implemented get|set_identifier() for tls_eap_t

10 years agoeap_packet_t definition moved to libstrongswan/eap/eap.h
Andreas Steffen [Tue, 5 Apr 2011 16:04:45 +0000 (18:04 +0200)]
eap_packet_t definition moved to libstrongswan/eap/eap.h

10 years agoadded EAP PEAP and MSTLV protocols
Andreas Steffen [Tue, 5 Apr 2011 15:59:49 +0000 (17:59 +0200)]
added EAP PEAP and MSTLV protocols

10 years agoimplemented get|set_identifier() for eap_sim_t
Andreas Steffen [Tue, 5 Apr 2011 15:01:28 +0000 (17:01 +0200)]
implemented get|set_identifier() for eap_sim_t

10 years agoMigrated eap_sim plugin to INIT/METHOD macros
Andreas Steffen [Tue, 5 Apr 2011 14:12:38 +0000 (16:12 +0200)]
Migrated eap_sim plugin to INIT/METHOD macros

10 years agoimplemented get|set_identifier() for eap_radius_t
Andreas Steffen [Tue, 5 Apr 2011 13:57:00 +0000 (15:57 +0200)]
implemented get|set_identifier() for eap_radius_t

10 years agostore EAP identifier on peer side
Andreas Steffen [Tue, 5 Apr 2011 13:45:51 +0000 (15:45 +0200)]
store EAP identifier on peer side

10 years agoimplemented get|set_identifier() for eap_aka_t
Andreas Steffen [Tue, 5 Apr 2011 13:38:54 +0000 (15:38 +0200)]
implemented get|set_identifier() for eap_aka_t

10 years agoAdded support for DES_ECB to af-alg, required for eap-mschapv2
Martin Willi [Tue, 5 Apr 2011 13:11:17 +0000 (15:11 +0200)]
Added support for DES_ECB to af-alg, required for eap-mschapv2

10 years agoMigrated eap_aka plugin to INIT/METHOD macros
Andreas Steffen [Tue, 5 Apr 2011 13:20:22 +0000 (15:20 +0200)]
Migrated eap_aka plugin to INIT/METHOD macros

10 years agoimplemented get|set_identifier() for eap_gtc_t
Andreas Steffen [Tue, 5 Apr 2011 12:47:19 +0000 (14:47 +0200)]
implemented get|set_identifier() for eap_gtc_t

10 years agoMigrated eap_gtc plugin to INIT/METHOD macros
Andreas Steffen [Tue, 5 Apr 2011 12:44:26 +0000 (14:44 +0200)]
Migrated eap_gtc plugin to INIT/METHOD macros

10 years agoimplemented get|set_identifier() for eap_mschapv2_t
Andreas Steffen [Tue, 5 Apr 2011 12:44:09 +0000 (14:44 +0200)]
implemented get|set_identifier() for eap_mschapv2_t

10 years agoMigrated eap_mschapv2 plugin to INIT/METHOD macros
Andreas Steffen [Tue, 5 Apr 2011 12:23:59 +0000 (14:23 +0200)]
Migrated eap_mschapv2 plugin to INIT/METHOD macros

10 years agoimplemented get|set_identifier() for eap_identity_t and eap_md5_t
Andreas Steffen [Tue, 5 Apr 2011 12:22:58 +0000 (14:22 +0200)]
implemented get|set_identifier() for eap_identity_t and eap_md5_t

10 years agolog the EAP identifier also for vendor specific EAP methods
Andreas Steffen [Tue, 5 Apr 2011 11:57:37 +0000 (13:57 +0200)]
log the EAP identifier also for vendor specific EAP methods

10 years agolog the initial value of the EAP identifier
Andreas Steffen [Tue, 5 Apr 2011 11:54:26 +0000 (13:54 +0200)]
log the initial value of the EAP identifier

10 years agoadded get_identifier() and set_identifier() methods
Andreas Steffen [Tue, 5 Apr 2011 11:31:32 +0000 (13:31 +0200)]
added get_identifier() and set_identifier() methods

10 years agoMigrated eap_sim_pcsc plugin to INIT/METHOD macros
Martin Willi [Mon, 4 Apr 2011 07:31:45 +0000 (09:31 +0200)]
Migrated eap_sim_pcsc plugin to INIT/METHOD macros

10 years agoSlightly reformatted SIM pcsc code
Martin Willi [Mon, 4 Apr 2011 07:21:54 +0000 (09:21 +0200)]
Slightly reformatted SIM pcsc code

10 years agoAdded SIM card backend based on pcsc-lite
Duncan Salerno [Mon, 4 Apr 2011 06:51:50 +0000 (08:51 +0200)]
Added SIM card backend based on pcsc-lite

10 years agoAdded alloc/stream options to fetcher test utility
Martin Willi [Fri, 1 Apr 2011 09:40:18 +0000 (11:40 +0200)]
Added alloc/stream options to fetcher test utility

10 years agoAdded support for FETCH_CALLBACK to soup fetcher
Martin Willi [Fri, 1 Apr 2011 09:30:35 +0000 (11:30 +0200)]
Added support for FETCH_CALLBACK to soup fetcher

10 years agoSupport FETCH_CALLBACK in curl fetcher
Martin Willi [Fri, 1 Apr 2011 09:01:42 +0000 (11:01 +0200)]
Support FETCH_CALLBACK in curl fetcher

10 years agoAdded a new FETCH_CALLBACK option to fetch data without allocation
Martin Willi [Fri, 1 Apr 2011 08:30:42 +0000 (10:30 +0200)]
Added a new FETCH_CALLBACK option to fetch data without allocation

10 years agoMigrated fetcher_manager to INIT/METHOD macros
Martin Willi [Fri, 1 Apr 2011 08:26:24 +0000 (10:26 +0200)]
Migrated fetcher_manager to INIT/METHOD macros

10 years agoversion bump to 4.5.2dr4
Andreas Steffen [Sat, 2 Apr 2011 05:46:16 +0000 (07:46 +0200)]
version bump to 4.5.2dr4

10 years agoupdated ikev2/rw-eap-tnc scenarios
Andreas Steffen [Fri, 1 Apr 2011 17:44:25 +0000 (19:44 +0200)]
updated ikev2/rw-eap-tnc scenarios

10 years agoInstall systemd service file if systemd is available
Miklos Vajna [Mon, 28 Mar 2011 18:04:00 +0000 (20:04 +0200)]
Install systemd service file if systemd is available

10 years agolog TNC PEP decision with level 0
Andreas Steffen [Fri, 25 Mar 2011 11:48:45 +0000 (12:48 +0100)]
log TNC PEP decision with level 0

10 years agoIncrease whitelist message identity buffer to 128 bytes
Martin Willi [Wed, 23 Mar 2011 13:16:13 +0000 (14:16 +0100)]
Increase whitelist message identity buffer to 128 bytes

10 years agoFix order of PURGE_* flags to be compatible with STROKE_PURGE_* keywords
Martin Willi [Wed, 23 Mar 2011 08:28:40 +0000 (09:28 +0100)]
Fix order of PURGE_* flags to be compatible with STROKE_PURGE_* keywords

10 years agoMake availability of glob(3) optional in settings_t.
Tobias Brunner [Tue, 22 Mar 2011 18:17:51 +0000 (19:17 +0100)]
Make availability of glob(3) optional in settings_t.

If glob(3) is not available just try to open the pattern as regular
file. The reason for this change is that glob(3) is not available on Android.

10 years agoMake sure that files included in settings_t are regular files.
Tobias Brunner [Tue, 22 Mar 2011 18:16:19 +0000 (19:16 +0100)]
Make sure that files included in settings_t are regular files.

10 years agoDefine PLUGINDIR in Android.mk even though it is currently not used.
Tobias Brunner [Tue, 22 Mar 2011 16:37:19 +0000 (17:37 +0100)]
Define PLUGINDIR in Android.mk even though it is currently not used.

The combined plugin loader requires PLUGINDIR to be defined.

10 years agoFile lists in Android.mk files updated to those in the Makefiles.
Tobias Brunner [Tue, 22 Mar 2011 16:36:23 +0000 (17:36 +0100)]
File lists in Android.mk files updated to those in the Makefiles.

10 years agoFall back to _LINUX_CAPABILITY_VERSION if no explicit version is defined.
Tobias Brunner [Tue, 22 Mar 2011 16:33:29 +0000 (17:33 +0100)]
Fall back to _LINUX_CAPABILITY_VERSION if no explicit version is defined.

This is the case on Android.

10 years agoredirect debug output of imc/imv pairs to syslog
Andreas Steffen [Sat, 19 Mar 2011 22:23:52 +0000 (23:23 +0100)]
redirect debug output of imc/imv pairs to syslog

10 years agosome changes to the ikev2/rw-eap-tnc-11|20 scenarios
Andreas Steffen [Sat, 19 Mar 2011 15:48:06 +0000 (16:48 +0100)]
some changes to the ikev2/rw-eap-tnc-11|20 scenarios

10 years agoTNC server did not issue a TNC_CONNECTION_STATE_HANDSHAKE NotifyConnection message
Andreas Steffen [Sat, 19 Mar 2011 15:43:22 +0000 (16:43 +0100)]
TNC server did not issue a TNC_CONNECTION_STATE_HANDSHAKE NotifyConnection message

10 years agoaf-alg plugin does not require hmac and xcbc plugins
Andreas Steffen [Fri, 18 Mar 2011 08:54:59 +0000 (09:54 +0100)]
af-alg plugin does not require hmac and xcbc plugins

10 years agoadded duplicheck.enable and whitelist.enable options to strongswan.conf man page
Andreas Steffen [Fri, 18 Mar 2011 07:01:09 +0000 (08:01 +0100)]
added duplicheck.enable and whitelist.enable options to strongswan.conf man page

10 years agoadded af-alg-ikev1/alg-camellia scenario
Andreas Steffen [Fri, 18 Mar 2011 06:39:21 +0000 (07:39 +0100)]
added af-alg-ikev1/alg-camellia scenario

10 years agoadded af-alg-ikev2/alg-camellia scenario
Andreas Steffen [Fri, 18 Mar 2011 06:34:48 +0000 (07:34 +0100)]
added af-alg-ikev2/alg-camellia scenario

10 years agoadded the af-alg-ikev1/rw-cert scenario
Andreas Steffen [Thu, 17 Mar 2011 22:16:41 +0000 (23:16 +0100)]
added the af-alg-ikev1/rw-cert scenario

10 years agoadded the af-alg-ikev2/rw-cert scenario
Andreas Steffen [Thu, 17 Mar 2011 21:55:26 +0000 (22:55 +0100)]
added the af-alg-ikev2/rw-cert scenario

10 years agobuild the af-alg plugin in the UML test environment
Andreas Steffen [Thu, 17 Mar 2011 21:53:09 +0000 (22:53 +0100)]
build the af-alg plugin in the UML test environment

10 years agoinclude linux/if_alg.h in the strongSwan distribution
Andreas Steffen [Thu, 17 Mar 2011 21:52:04 +0000 (22:52 +0100)]
include linux/if_alg.h in the strongSwan distribution

10 years agoversion bump to 4.5.2dr3
Andreas Steffen [Thu, 17 Mar 2011 19:24:44 +0000 (20:24 +0100)]
version bump to 4.5.2dr3

10 years agoadded NEWS for 4.5.2dr2 release
Andreas Steffen [Thu, 17 Mar 2011 19:24:00 +0000 (20:24 +0100)]
added NEWS for 4.5.2dr2 release

10 years agoAdded a strongswan.conf "enabled" option for duplicheck plugin
Martin Willi [Thu, 17 Mar 2011 16:34:11 +0000 (17:34 +0100)]
Added a strongswan.conf "enabled" option for duplicheck plugin

10 years agoAdded strongswan.conf and runtime option to enable/disable whitelist plugin
Martin Willi [Thu, 17 Mar 2011 16:15:16 +0000 (17:15 +0100)]
Added strongswan.conf and runtime option to enable/disable whitelist plugin

10 years agoMove establish/inherit of rekeyed IKE_SAs to delete messages
Martin Willi [Tue, 15 Mar 2011 14:20:09 +0000 (15:20 +0100)]
Move establish/inherit of rekeyed IKE_SAs to delete messages

Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.

10 years agoWrap IKE delete after rekey into rekey task for responder, too
Martin Willi [Tue, 15 Mar 2011 10:51:53 +0000 (11:51 +0100)]
Wrap IKE delete after rekey into rekey task for responder, too

10 years agoDo not invoke processor restart() if not required
Martin Willi [Tue, 15 Mar 2011 10:48:19 +0000 (11:48 +0100)]
Do not invoke processor restart() if not required

Doing so might result in a deadlock during shutdown if a delayed
restart is locked on the bus during the debug statement.

10 years agoMigrated ike_rekey task to INIT/METHOD macros
Martin Willi [Tue, 15 Mar 2011 10:30:02 +0000 (11:30 +0100)]
Migrated ike_rekey task to INIT/METHOD macros

10 years agofixed asn1_oid_from_string(), allowing it to handle up to 32 bit node numbers
Andreas Steffen [Sat, 12 Mar 2011 12:46:14 +0000 (13:46 +0100)]
fixed asn1_oid_from_string(), allowing it to handle up to 32 bit node numbers

10 years agofixed parsing of X.509 certificatePolicies
Andreas Steffen [Fri, 11 Mar 2011 11:38:00 +0000 (12:38 +0100)]
fixed parsing of X.509 certificatePolicies

10 years agoadded tcg-at-tpmIdLabel OID
Andreas Steffen [Fri, 11 Mar 2011 10:48:46 +0000 (11:48 +0100)]
added tcg-at-tpmIdLabel OID

10 years agooutput unknown OIDs in dot string notation
Andreas Steffen [Fri, 11 Mar 2011 10:48:22 +0000 (11:48 +0100)]
output unknown OIDs in dot string notation

10 years agoversion bump to 4.5.2dr2
Andreas Steffen [Fri, 11 Mar 2011 08:12:13 +0000 (09:12 +0100)]
version bump to 4.5.2dr2

10 years agoadded NEWS for the 4.5.2dr1 release
Andreas Steffen [Fri, 11 Mar 2011 08:11:37 +0000 (09:11 +0100)]
added NEWS for the 4.5.2dr1 release

10 years agofixed asn1_oid_to_string() conversion
Andreas Steffen [Wed, 9 Mar 2011 14:35:35 +0000 (15:35 +0100)]
fixed asn1_oid_to_string() conversion

10 years agoUse a boolean expression for refcount check, fixes refcounting if bool is a signed...
Martin Willi [Wed, 9 Mar 2011 06:52:13 +0000 (07:52 +0100)]
Use a boolean expression for refcount check, fixes refcounting if bool is a signed char

10 years agoMigrated sim_manager to INIT/METHOD macros
Martin Willi [Tue, 8 Mar 2011 14:02:42 +0000 (15:02 +0100)]
Migrated sim_manager to INIT/METHOD macros

10 years agoProtect sim card/provider/hook (un-)registration with a rwlock
Martin Willi [Tue, 8 Mar 2011 13:52:47 +0000 (14:52 +0100)]
Protect sim card/provider/hook (un-)registration with a rwlock

10 years agoSplitted sim_manager.h header to sim_{card,provider,hooks}.h
Martin Willi [Tue, 8 Mar 2011 13:17:53 +0000 (14:17 +0100)]
Splitted sim_manager.h header to sim_{card,provider,hooks}.h

10 years agodefined some TCG attribute OIDs
Andreas Steffen [Tue, 8 Mar 2011 06:27:00 +0000 (07:27 +0100)]
defined some TCG attribute OIDs

10 years agosupport of RSAES-OAEP public keys
Andreas Steffen [Tue, 8 Mar 2011 06:03:22 +0000 (07:03 +0100)]
support of RSAES-OAEP public keys

10 years agoadded id-RSAES-OAEP and id-pSpecified OIDs
Andreas Steffen [Mon, 7 Mar 2011 21:46:28 +0000 (22:46 +0100)]
added id-RSAES-OAEP and id-pSpecified OIDs

10 years agoinitiate or route all child configs if they have different names from their parent...
Andreas Steffen [Fri, 4 Mar 2011 06:02:03 +0000 (07:02 +0100)]
initiate or route all child configs if they have different names from their parent peer config

10 years agoAlign netlink attributes properly if rta_len not a multiple of RTA_ALIGNTO
Martin Willi [Wed, 2 Mar 2011 15:06:13 +0000 (16:06 +0100)]
Align netlink attributes properly if rta_len not a multiple of RTA_ALIGNTO

10 years agoinitiate or route child configs which don't have a peer config of the same name
Andreas Steffen [Tue, 1 Mar 2011 21:24:19 +0000 (22:24 +0100)]
initiate or route child configs which don't have a peer config of the same name

10 years agoput DN in double quotes
Andreas Steffen [Fri, 18 Feb 2011 16:36:18 +0000 (17:36 +0100)]
put DN in double quotes

10 years agocorrected pkcs11 error message
Andreas Steffen [Fri, 18 Feb 2011 16:32:48 +0000 (17:32 +0100)]
corrected pkcs11 error message

10 years agoImplemented permanent certificate coupling plugin
Martin Willi [Mon, 21 Feb 2011 13:05:21 +0000 (13:05 +0000)]
Implemented permanent certificate coupling plugin

10 years agoUpdate duplicheck entry during IKE rekeying
Martin Willi [Mon, 28 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Update duplicheck entry during IKE rekeying

10 years agoRemove entry from active duplicate list only if it was not in checking
Martin Willi [Tue, 22 Feb 2011 10:16:13 +0000 (11:16 +0100)]
Remove entry from active duplicate list only if it was not in checking

10 years agoAdded an example application listening to duplicheck notifications
Martin Willi [Wed, 9 Feb 2011 15:28:31 +0000 (16:28 +0100)]
Added an example application listening to duplicheck notifications

10 years agoNotify duplicate detections over a UNIX sockets to listening applications
Martin Willi [Wed, 9 Feb 2011 15:15:21 +0000 (16:15 +0100)]
Notify duplicate detections over a UNIX sockets to listening applications

10 years agoAdded an advanced duplicate checking plugin with liveness check of old SA
Martin Willi [Wed, 9 Feb 2011 14:04:21 +0000 (15:04 +0100)]
Added an advanced duplicate checking plugin with liveness check of old SA

10 years agoInvert check to delete unestablished IKE_SAs to not delete them once established
Martin Willi [Wed, 9 Feb 2011 14:03:08 +0000 (15:03 +0100)]
Invert check to delete unestablished IKE_SAs to not delete them once established

10 years agoAdded whitelist plugin NEWS
Martin Willi [Tue, 8 Feb 2011 08:40:14 +0000 (09:40 +0100)]
Added whitelist plugin NEWS

10 years agoAdded a whitelist command line utility to control whitelist plugin
Martin Willi [Thu, 3 Feb 2011 16:06:40 +0000 (17:06 +0100)]
Added a whitelist command line utility to control whitelist plugin

10 years agoAdded a UNIX socket based control backend to whitelist plugin
Martin Willi [Thu, 3 Feb 2011 13:37:45 +0000 (14:37 +0100)]
Added a UNIX socket based control backend to whitelist plugin

10 years agoImplemented a in-memory peer identity whitelist plugin
Martin Willi [Thu, 3 Feb 2011 12:38:13 +0000 (13:38 +0100)]
Implemented a in-memory peer identity whitelist plugin